Design for securely storing BMC/UEFI credentials in PostgreSQL

[ajf]

Figure out how to store secret material in PostgreSQL either using a PostgreSQL extension (operational burden) or with a symmetric key provided at startup time.

Requirements:

• Must support rotation of the master key
• Must support rotation of individual BMC or UEFI passwords
• Must be cryptographically secure if the database is stolen

[chet]

Taking this.